From 1acb8c09126045ee8a94905bf64333da925fb4f7 Mon Sep 17 00:00:00 2001 From: Jed Davis Date: Fri, 10 Jan 2014 08:22:58 -0500 Subject: [PATCH] Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang The main goal is to have a message that unambiguously indicates a crash, so mozharness can grep for it even if some of the details change later. Also now includes the entire argument list; most syscalls don't use all six, so the last few will be meaningless, but it can't hurt to log them. --- security/sandbox/linux/Sandbox.cpp | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp index a1c81b9493d4..f0e0893ef4b0 100644 --- a/security/sandbox/linux/Sandbox.cpp +++ b/security/sandbox/linux/Sandbox.cpp @@ -65,7 +65,7 @@ static void Reporter(int nr, siginfo_t *info, void *void_context) { ucontext_t *ctx = static_cast(void_context); - unsigned int syscall, arg1; + unsigned long syscall, args[6]; if (nr != SIGSYS) { return; @@ -78,9 +78,16 @@ Reporter(int nr, siginfo_t *info, void *void_context) } syscall = SECCOMP_SYSCALL(ctx); - arg1 = SECCOMP_PARM1(ctx); + args[0] = SECCOMP_PARM1(ctx); + args[1] = SECCOMP_PARM2(ctx); + args[2] = SECCOMP_PARM3(ctx); + args[3] = SECCOMP_PARM4(ctx); + args[4] = SECCOMP_PARM5(ctx); + args[5] = SECCOMP_PARM6(ctx); - LOG_ERROR("PID %u is missing syscall %u, arg1 %u\n", getpid(), syscall, arg1); + LOG_ERROR("seccomp sandbox violation: pid %u, syscall %lu, args %lu %lu %lu" + " %lu %lu %lu. Killing process.", getpid(), syscall, + args[0], args[1], args[2], args[3], args[4], args[5]); _exit(127); }